ROPMEMU

Talos has developed ROPMEMU, a framework to analyze, dissect and decompile complex code-reuse attacks.
It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a
form that can be analyzed by traditional reverse engineering tools. In particular, it is based on memory
forensics (as its input is a physical memory dump), code emulation (to faithfully rebuild the original
ROP chain), multi-path execution (to extract the ROP chain payload), CFG recovery (to rebuild the original
control flow), and a number of compiler transformations (to simplify the final instructions of the ROP chain).
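The emulate-then-simplify idea described above, reduced to a toy, as an added Python example that is not ROPMEMU's code. It assumes a constructed x86-64-flavoured mini ISA (text gadgets ending in `ret`), a constructed gadget table standing in for code recovered from the dump and a constructed chain of stack words; it walks the chain the way the CPU would, turns the pop/ret plumbing into plain moves, and then runs a dead-load elimination pass of the kind the compiler-transformation stage performs.

```python
# Added illustration, not ROPMEMU's code: mini ISA, addresses and chain are constructed.
import re
GADGETS = {0x401000: ["pop rax", "ret"], 0x401010: ["pop rdi", "ret"],
           0x401020: ["add rax, rdi", "ret"], 0x401030: ["mov [rdi], rax", "ret"],
           0x401040: ["pop rax", "pop rdi", "ret"]}      # "code" seen in the dump
CHAIN = [0x401000, 0x41, 0x401010, 0x600000, 0x401040, 0x40, 0x2,
         0x401020, 0x401010, 0x600008, 0x401030]         # stack words in the dump

def operands(ins):
    op, _, args = ins.partition(" ")
    return (op, *(a.strip() for a in args.partition(",")[::2]))

def emulate_chain(stack, gadgets):
    """Run the chain (pop eats chain words, ret fetches the next gadget); return trace, regs, mem."""
    regs, mem, trace, sp = {}, {}, [], 0
    while sp < len(stack):
        pc, sp = stack[sp], sp + 1                       # ret: next gadget address
        if pc not in gadgets:
            raise ValueError(f"{pc:#x} is not a gadget: chain left the dump")
        for ins in gadgets[pc]:
            op, dst, src = operands(ins)
            if op == "ret":
                break
            if op == "pop":                              # data word comes from the chain
                regs[dst], sp = stack[sp], sp + 1
                ins = f"mov {dst}, {regs[dst]:#x}"       # plumbing becomes a plain move
            elif op == "add":
                regs[dst] = regs.get(dst, 0) + regs.get(src, 0)
            elif op == "mov" and dst.startswith("["):    # store to emulated memory
                mem[regs[dst.strip("[]")]] = regs.get(src, 0)
            trace.append(ins)
    return trace, regs, mem

def reads_writes(ins):
    """Registers read and written; a memory destination only reads its base register."""
    op, dst, src = operands(ins)
    read_text = src + (" " + dst if "[" in dst or op != "mov" else "")
    return set(re.findall(r"\br\w+\b", read_text)), (set() if "[" in dst else {dst})

def eliminate_dead_loads(trace):
    """Compiler-style pass: drop an immediate load that is overwritten before any read."""
    def dead(i, ins):
        reads, writes = reads_writes(ins)
        if reads or not ins.startswith("mov r"):          # only pure immediate loads
            return False
        fate = next((rw for rw in map(reads_writes, trace[i + 1:])
                     if writes & (rw[0] | rw[1])), None)
        return bool(fate) and not writes & fate[0]        # overwritten, never read
    return [ins for i, ins in enumerate(trace) if not dead(i, ins)]
```

Running `eliminate_dead_loads(emulate_chain(CHAIN, GADGETS)[0])` on the constructed chain drops the two loads that the `pop rax; pop rdi` gadget immediately overwrites and leaves a five-instruction equivalent of the chain.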